1. #«*i*Rifc#Jfr4ML (CRL) & 

■F4t*. *«iM£*iUMM*«HM***4t; 

CRL ifrl*J#/'#o, ^^^^jSJ OTL t 

&t£4* CRL CRL £t#J^£^ CRL ti^MUM-, 

CRL #UMWF#**.& 5t CRL 

**"CRL «;MU*>M-F4H*t*: CRL 4fc**+fM* 4»* 

>h LDAP/CRL #rt^^, /8 f^#4£Jfc^#Jttt LDAP JR^-Mfc* 
T£-$%4HJkfr SJt CRL 4t4** t « * % * *4L 

4. 4MM*#],g-i£ 1 ti4ratfeitf:&. *4fcM***t, 

* HTTP/CRL ^r^^m, Jfl -f $$'&Jfc>^#3:tf HTTP JH^H-U^ 
ii£^ ^.M^iMt CRL JMfc* t «**4* 

5. #-#*l#«J^-^ l tf^&Jfc'fclL £&M*RiM* tit, 
£ t * ^iUsMM^JL^i*^ ***** CLR MWfc^- 

* RFC 1424/CRL M M RFC1424CRL 

CRL ^r^^.^„ 



6. *M&*Ufl#-£- 1 4*4jT4tJMt&. &Mtfl^45$4ML«*£tt, 
*f*ifc, 3^5SlH#*jMr£.a£.*.«* CRL CRL 

A*. 

9. 4MHx.#l£-& 2 **#AJMtA* «a^i*fti£* 

CRL AIM-** CRL &J^^tl&^-4a5I-=r«^ffi Hub-and- 

Spoke 

*4»* (CRL) * t £ <H«fc*L*r ( CA) ^tfi* 

CRL 4fr*^a<«^#Sj&^i£^94r4L^«^ 

5tit*t— **J&flj^*aifrW CRL A**. 

12. 11 ^^AJfc4fc^, A«**RiM* ****** 

Sfc, £-t£^ CRL AIM- fete t* CRL AiM-*»£* CRL 3];MM* 
t* CRL A#/M^HfriM CRL jk*ft.m.1b&£&SLg¥f 

#^ CRL l"I^ttJ|^f CRL &Mt^^^ 



13- ft**.**:**. 11 *«4H*-Ri£*$4!4Lti 



^^^^^^■f-^^^^^^ffl, Sl^at'fr^Jl ( ITU, iT^^L 

CCITT) 

^.^-^t^^iAii^^ (CA), 'fcttliMfl (l) j£tH#i£^#i^ 
iMM^£>^i^#]*ii£^ttjM*s (2) (^tiiE^t ) #Jt6&4SJ8SHft*j\&-f 

iMfc************^*.^**. £.lT*.?l&tt X.509 #>£t 



1 



X.509i£^ 










*-c 4? f£ Xil 

















































); #,81 

^ *& * ft- iUfc*U* T # Hit ^ 45 & Ti£ 4S t # * 

Z. 4Mfc ITU X.509, #&#f-$#*&££jMt«HM5-- ***lA>ifc#* 
*4L < CRL). & ITU X.509 f iM?-j&4F4Ml*li-£.*, fi-«l*4M,4f 

CRL t*Tfe&4r4t&4fr££t. 
£&£J£ft*i£4$X.**]X CRL, H#**i£*t*fc*T**atJto. - 
«^il*iLft||HM^-^ CRL, CRL 3t#£ 



-f-j^££t— HdM £4* CA # CRL. CA -T&#l 

JM**&, — * CA CRL jM"MJ. 4ultA— 

*7jftJ8^*ML4hft*4*. 

— * CA iM*iH»iii£a&J0l4»Sti CRL 
^^^^irJI-StT^T^il* CRL. 4a**»Hfrfl CRL ^^^^ 

^^#6* crl frmm-ftm-Zr^, ^^aa 7 

*. 

5&**i«J:R**A.9!«.*-##iUfc*t|t. CRL ft 

^tt^^r^. >ML# ft MI # CRL 2U*f¥M&.3L*ft 

ft CRL 4fr*A9JMt£i fta*.d*Hft CA ft CRL, ^-##aj&*0 
CRL ^*Ut****t. iRJ&Sf.itWH^t****^*!*^*.* 
Ji*. ^«^T«Siit— ft&ffl#^&PjM3rft&3Lft CRL It 
iM^*^*^*^*.^*^**. it#£*i3UMt*flJ&*^# CRL 

£ ^iU£>M*l ( CA ), #>HUML#^«*it*^4Mtft#3.iM^ 




CRL iyH^/^a, ^/a/tarjS] CRL £t$U£ t#i£^#;Ml.'K■ 
#4tij£>h CRL ^>ft^«^*#^^iit^^^^^-s^^ 
#]>?H£,&£>hCRL^:3M^t; 

ifti±ifc— #j&J8iMM*»i*-H CRL MM-. 

© 1 ^^^^^^--^^^ife^j^^-^^^^ ^MiMfrfl CRL 
@ 2 4#4M^£.tift&£ifc#iti LDAP/CRL ;g:£ftS#X#^# 

B: 

® 3 ifr**;^^*^***** HTTP/CRL &-*'ft3ttX##* 

B; 

© 4 ^^L#^4lBH^^.^^^ RFC1424/CRL ;&r&ft^#X#7jc 
&&&&& >ML!JI ¥j 7f JL *fc4Ut , T # 

■ *#— CA tf^j-f-., 

/8 ASN.l (^^^i&^.l) SEQUENCE X.509 CRL 

CertificateList ::= SEQUENCE {
    tbsCertList         TBSCertList,
    signatureAlgorithm  AlgorithmIdentifier,
    signature           BIT STRING
}

&t SignatureAlgorithm /8-f CA £*t TSSCertList #M*i&ff 
***Jfc Bt#M£# tf^£r, * t TBS CertList ASN.l SEQUENCE 

TBSCertList ::= SEQUENCE {
    version              Version OPTIONAL,
    signature            AlgorithmIdentifier,
    issuer               Name,
    thisUpdate           Time,
    nextUpdate           Time OPTIONAL,
    revokedCertificates  SEQUENCE OF SEQUENCE {
        userCertificate    CertificateSerialNumber,
        revocationDate     Date,
        crlEntryExtension  Extensions OPTIONAL
    } OPTIONAL,
    crlExtensions        [0] EXPLICIT Extensions OPTIONAL
}

TBSCertList CRL ¥i%J%%2,&. 2L*PBM. CRL 

). 

S^Tft^— * CA fr&T&SJ* CRL Bt^S:^"^^^^. 

CA -Tft&£- CRL t^TT*^#4L^ CRL 
^EarJf^ CA£fMkW*Ti*£ifetta^jM' CRL. 

*J-^ CA sMMti**tMr CRL tfiTtK, * "pull 

iktttfj* ) *T>tf&1£,£-BMc CA T^, CRL. "push" 2T:£~F, CA 

* X.509 JtXttiUM^fc^ft^Aift^ X.500 n *JMfcT. 
X.500 CA £HMa£ti 8 *A&JMHfc CRL. X.500 ^^l^L 

TJP-^JSJMS-flBlt** DAP ( *-f DAP 

JL#, PC ^#.*Jii£*r. T LDAP ( fe^ i 

LDAP T JL# TCP/IP #;fcg-L. 

«M-T«&./B "pull" ^riC.^ LDAP JH^^t^r# CRL. 

ma, at* x.500 8*jR^^*«#wJiay*.*jm6*., -mh^t 

ft *f"3L£ -6 # n # W jUftM^ CRL JiM^M* H ;3r £ Privacy- 

Enhanced Mail ( *Mf*fa$4£tf ) t^3CT— ^it#6^^*o 4MEPEM, 
IPRA ( Internet Policy Registration Authority ) M- % PCA ( Policy 
Certification Authorities) StfriMH ^-S-^T*** LPRA, 
PCA i2l2U9Nr-&'& CA CRL t*Mft*. ******* PCA 
^#4MMMi-*t*M-ttifrH. lfriE*TS*«JJ RFC1424 t^#*M^ 
££&4M£— >H££*fe^#&ittf CRL. CRL**^r*#-**^« 
PCA CRL*.***fl6**^-f *pnU" 



-ftf- "push" 

*#*iMHfrfc£->h CA ^3|tfl?r#*4^£*. Jj-f^MWHft CRLjSSL 
2t-5-*J*Itf CRL ft* AS. i££>ftSJ^'i£&^£iM*ft CA 
tfl CRL, CRL &*r^S, ^^Xt^CRL***.. hl^m 

f"&F\ CRL, ^^^t* CRL ^#j£#s1;MMM^ 

® 1 ^dJ^^J^BJI—^^^^J^ffi-^-wrjSi CRL #&^#2T 
#g). @ 1 #r^# &£EoU^f~ Lotus Domino #r. Domino *Ht->t. Lotus 
-f 1996 -f- 11 ^ £*MWKi*«&» *P Notes 4.5 **lUh&JBL£. *it 

£^ ( page database system) ^*lHfcT*4MN£tt&£ 

#te>tfe^# Internet/Intranet #] ffl * ft JL*MLi*. J8 

i& t * CRL *:#*** Domino t * CRL 9k&fr#L%M&&'5 

# CRL *J;MMM- + , A**.********* Domino JDL**-*- 3. 

-f Java CRL ifrffi API, /8^F% J f-ltf£-**t»2l*.^# , J/B*fc 
Domino UL£-J&-tfi$iM£«J&*$ CRL, *&*/8£««-£4^ CA 
il^ CRL#- 

J^f* ^^^16^ CA CRL te*Nf**3r* 

|5.iti^-W^MT^ CRL **it«, CRL Stfrik 

CRL * £^##3: CA £4>ti. #*ST£# CRL ##*t 
*CRL*:**t. -f^->H^, CA CRL LDAP 



+ CRL £U£i£t# Domino Am.Mto1k&&4tA3gSt 
LDAP 6 «&. LDAP JBL^&# CRL t**Jt 

t^A^t^^i***^^*^ CRL **.***t. 3-* 

CRL «JL^A-^*-f 

A* -Ml***** API CRL A>l;Mt4tJMt 

fl-f CRLi^R^ API&^fl NOI ( Notes Object Interface) 
iyjsj Domino CRL ^Jltfr it CRL +, *M**MUi 

1. t^CRLlUfc^ 

■ # -f CRL jt#j£4$ Domino 4L-£ ( form ) 

CRLft**fc*^^*4L#t/ t £ttib&, itJEL^MMMf: Trusted 
Certificate Authority ( iU£;fcl# ) Revoked Certificate ( %4%#i 

^^M* Memo Trusted Certificate Authority jM£-&& 







Distinguished Name 


RFC 1779 #1 CA ^ # 


Certificate 


CA# X.509*E* 


This Update 


CA-t*.3t^t CRL^BfliJ 


Next Update 


CA T *.£.*f CRL «5 N" Fl 


CRL Number 




LDAP URL 


RFC 2255 tff LDAP URL 


HTTPURL 


HTTP URL 


PCAMailbox 


M -f RFC 1424 CRL PCA % ^-*F*r&iL 



Distinguished Name 5-gL# t 3k$& RFC 1779 #^>aJ§&'6 CA X 
*MnE*|*|-*.*$ CA Certificate ^.fittf Base 64 DERte^. 

CA ^ X.509 V3 Tfc%. 



Certificate ^$tm CA CRL. * 7«jfc* 

>MgH£, Clipboard ^^M^ii^^^^^^tflfr^. This 

Update. Next Update CRL Number ^.gUMMfiUkfrSi] CRL t$t# 
$L Next Update CRL Number ^-SLTtfifr CRL Number 
Ir&iiL CA CRL^-f-. ik$gt&mrTTrZ*]&f-+#7ttfj CRL 

^L^#«-& CRL. LDAPURL RFC 2255 # LDAPURL, 

LDAP^rt^.S^^^^^^4tir#^l LDAP JH^^ CRL. HTTP 
#r£>R,S4&/rj HTTPURL ^&££tl#3: HTTP UL^fltf CRL. 
PCAMail box ^gL&&m T RFC1424 CRL JDl£~tt CA 6^ PCA fc-f 
PCA &#4Ht*$ CRL:M^3., ««*4tTft*$. 
#>Mk££j# CRL t^^^^^#.^^^i£^^-#^ — >i-* 
Revoked Certificate ^^Mll^^X^ t» Revoked Certificate 







Distinguished Name 


MJL RFC 1779 # CA 


Serial Number 




Revoke Date 




Revocation Reason 





£ Revoked Certificate t> l& T Revocation Reason # *h 
ffiMtf}. Distinguished Name 4^5** Serial Number ^ 

Revocation Reason 

Memo Jt* J8 -f - RFC 1424 PEM fH 4, iMUMi-fcteiSlT^JL 



4^ 




From 


PEM tt&£&jrti«?4Sr#&ftb 


To 


pem ft&4fc*4rttt : ?-tirftjfcjfc 


Date 


PEM >8 a 


Subject 


PEMJS^Wi^. 


Body 


PEM 



• CRL^t4£/|-tf Domino^.® 



t£ Domino ^t^^t^^^^^®^ Trusted Certificate 
Authorities 3%, © ; Revoked Certificates\ By Issuer =fS, @ Revoked 
CertificatesN By Serial Number^©, J^f^A^^^L CA ^/J&^tf 

Trusted Certificates Authorities S «t T : Distinguished 



Name. Current CRL Update Time. Next CRL Update Time Current 
CRL Number *<] , il^^J g Trusted Certificate Authority X 

£^*&gt, "Distinguished Name ART %%>M}J??<]. 
Revoked CertificatesX By Issuer*^ **«T^1 "Distinguished 
Name. Serial Number. Revoked Date Revocation Reason F] , 

ij Revoked Certificate t, 

"Distinguished Name" 4.i-#>f?'J, " Serial Number" it 
*K "Distinguished Name" ^^#^1. 

Revoked CertificatesX By Serial Number %L @ ^ Revoked 
CertificateX By Issuer «, $/?r&^?«J;fcj ft, 4Mff#*E, ^&@#f&-^ 

"Serial Number. Distinguished Name. Revoked Date 
Revocation Reason". ^^^S^, "Serial Number"4LA#^^, 
" Distinguished Name" % H . 

■ Domino ^.S (agent) 

CRL$t4MM££-4|>;iT Java Domino LDAP Retriever (^r 

* ). HTTP Retriever ( fet X RFC 1424 Requester ( ifr$L ). RFC 1424 
Receiver ( ) Http Receiver ( X LDAP Retriever HTTP 
Retriever fcmfr RFC 1424 Requester >ft^^.J& LDAP Retriever 

LDAP JSL&mk. X.500- LDAP & CA # 

CRL, CRL CRL « HTTP Retriever ftm.fi Mfe 

HTTP J0L£-gjL3)££ iM CA ¥j CRL. jfc*K RFC 1424 Requester 
^.Bj-|SI(5Il%«tt^ PCA 4i4SiU3t RFC 1424 CRL ^r^-^-^-?^ 
4. ^S^tj-^^-frJdStBj-, RFC 1424 Receiver AS:***?*, ftj&jft 
ft^JLJi&tttirtr'tJMt CRL, CRL<iHME. CRLltMt. 

Http Receiver -ftS* HTTP fcJH-^^^tt&lMt^rrlHi. 
*4HfcA#, *^«#*.ai*.i*CRL##*CRL*:#*t. ^T^ HTTP 
&%-&m%Llt&fe3- Domino JBL^HJi. *ft«!£#7 — #-ft-J-*»A.# 
*£*Mp CRL^r^^r^6ti#^r^„ ^J^SH^T^M^fc. HTTP POST $ 
& t XSl e* *.SiJ CRL: 
POST /X509CRL.nsf/HttpReceiver?OpenAgent HTTP/1.0
Content-length: <content length>
Content-type: application/pkix-crl
Content-transfer-encoding: base64

<base64 encoded CRL>

LDAP Retriever ^« A— *M*«, 8#i£>ft3£#i& 
I/O IMF, ^t^^T^^3S^#^^^-t, 

2- LDAP&^ftS. 

>S 2 #T^, LDAP ^£^-5 LDAP H^^^, «^r# CRL 
#jMfCRL^UM-. 

£ Mfift^R "f LDAP Java & a : JDAP JNDL JDAP A# 
IETF ^MI^;SL# LDAP Java ^ Netscape Directory SDK 

+ £# JDAP. JNDI ( Java Naming and Directory Interface, Java 

^^-n )^ Java Enterprise API ■ £p£% %, IBM. 

HP, Novell ^^piUt^. 

LDAP JH^S&Jfra^***^^*. ^&%$:m%Mft*X^%r%L 
#j£&2t4tik : fr. &iE.1jh&2LT, CA CRL y&#.A'>;k^"3k#tf , f- 
jt.&£4lr£&£*£-9T. LDAP V2£^ft&$|ia&4M*#~^3lft. 
^^-it ( PDU) 3u&#r « LDAP V3 3^ #**1T-3H&fr 3p£l^> 

-5 ldap V2 ji&^ii&j^, £&4r*e ldap KWM^ar**] g^^n 

&9l%MftZ-fc LDAP *fr*ft*ft;8#;fc*a LDAP URL ^ LDAP 
JlUMt + IMf- CA ^Li£# CRL. «J&, *<ft«4fcJ8***i*S CRL Jt^f 
CRL&JM-. 

3. HTTP^r^^S 

HTTP^£ft«#X>f£ft-3U5 LDAP&&<ft&4s4Ma, 3 
HTTP ^r^^S^^'ttAk,^ HTTP Jil^-^Ji^r^^^ CA ft CRLs. 

4. RFC 1424 

1424 CRL CA ^L$r#J CRL, 4fc*£Jfl PCA j&flh 

li 




#} CRL ^Jft^4. CRL-^rt^^A^* CRL - #rt^^>t 4^ 
4: PEM ( flfctf*»0s^>HAX f%VJ>&M4£n^%*> PEM 
CRL - CRL - 

£/>#;£#3Mkiit^ttf Domino Mail-In #L4M-*&£.|i:>»7 — # 
jL##fc^*M**t*J Notes — *t*4.*fr£fl#### 

#*Mtfcj&J8, + *: C3ULib***A5Mf-#H*-fr4tftj&J8. **** 
•iHfrti, £OU,fttt*f4lff4rft^aL: RFC 1424 Recevier ^ RFC 
1424 Requester, tf-f-^Aifri 5 ! RFC 1424 CRL 0 4 

*>* PCA CRL »rS**j- CRL *T#Bt, PCA 

A CRL- JWT RFC 1424 

Requester -ft«*&iJS 

RFC 1424 Requester CRL %kl£M.&-)HMs> IBs* 

#J?|Jl Domino JK.**#*«MM'B#H *f ^-frJIlJ-**.**^ <P# 

5- Http4MM^3 

5 /*t^, Http HTTP *^.jftjSt. *£*H|-4Mtf*.lfc 

JfcfrJfrifc. *»4Ufci£A^, i£>ftm#j£j&£tf CRL CRL 
t- 

6. CRLS'l^MUM 1 

#74e. CRL *:#J#-^1>J*^ Notes fl-t, Afrl#lJ8 7 Notes It 
CRL #L*Mr*JH*J* < & Domino jMhS-h, "FAfe^* 
4~**MM*&&. 4*A**ifrH*i£tt CRL «;Mt#*eUM*. 

CRL. 

Jp@6 i£*tA4niMi Hub-and-Spoke ( t •« ~ > 
♦ 4U*Nftt CA^kt^L^ CRL 

• **g-* * CRL * 4M- 

' #Jt^T l**.4**W£ spoke JH£-& ( 3§# )• 
JS-f- ^"i^ffi Pull-Push ( 4* - # X Pull-Pull ( 4* - 4* X Push-Only 
( ^ Pull-Only ( ^it.***-A«.^I^ 

***<£*.* Push-Only ( ^ Pull-Only ( JMi), 

H****^«*^Jt^«^+«JlL^»#i^*rf|-2t- #**fl Push- 
Only ^ Poll-Only < ^^'H**^**!^. ^. 
****** ***#.&***■ "4*". ***I/8UMI***J*4* 
i&^*»*## ACL. 

i&*. £j^#i£4He.^t*> "Routing and Replication 

*)" ^* "Replication Type (*«#«)" ****** "Push-Only 
"Basics 15r# "Source Server ( )" * 

4£#> -Destination server ( B***-*)" **fc*^**tf *** 

*»* "Replication Type" *-gL*i5L£* "Pull-Only 

^-f- "Push-Only" *tt CRL 

A***#-*^» "Designer (*^*r *flL. "Pull-Only" 

*) w *ffL. ftf-gl -Pull-Only" 

5. m CRL H Java API 

*******JMMt*#**6 CRL, 
1kJgJ&—te-$i CRL at-ffifrffi** Java API. API :M*# Java CRL 
Access Agent. CRL Access Agent CRL *#>#-tf^ 

public CRLAccessAgent(String dbName);

CRL Access Agent tf$L4^&, 4UH^ #^##2r*£. J Mr 
£#5t CA<ft£-|fr CRL <KMt&, #**!***.*&**#. 
CRLAccessAgent crlChecker;

// Open the CRL database by name, then check the certificate against it.
crlChecker = new CRLAccessAgent("RevokedCert.nsf");
if (crlChecker.isRevoked(aDigitalCertificate)) {
    System.out.println("The certificate is revoked!");
    return;
}

S % CRL Access Agent M -f Notes Object Interface (NOI)# 

Java Utffr«# notes, jar *L*Mp3J Ji. 

JtlM-^Ttffc***.***.* CRLil^r 

VX ±-&&&fa % 7 91 J8 -f # R i£ * * 
*&3L*£*&ttWi£*, #^#«^ifrRiiE^4*4L (CRL) 

J-£ 4- CRL JB^*S&6£>HU£^«m*$4r;iL. 
JUL 802, £>h CRL JMtA««**£*^*HMs$*4^tt£f 

* CRL 1 . £##L 803, J^t * CRL # >h CRL «*";Mt 

**l.*iiM5*4ML. 804. iiitlfc— tt£J8*#*ni*Rt* 

CRL^t=fe^-il CRL - **>MMM-. 

i»Jb.*/irjtfJ£«* GRLiTfHM*, CA CRL ic 

CRL tfjfaffl. ^***A.«***lt««T 
Lotus Domino 4&;MK4— 
[Figure labels: API, Domino, CRL, LDAP/, HTTP/, CRLs, CA; flowchart steps 801, 802, 803]